-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2007-12-04 00:04:35 UTC
-
Revision ID:
james.westby@ubuntu.com-20071204000435-7puqrad905ohse3q
Tags: 2007-12ubuntu3.1
* SECURITY UPDATE: improper bounds on static buffer results in stack-based
buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
enough memory in build/source/texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
checking in dvi2xx.*.
* References
CVE-2007-5935
CVE-2007-5936
CVE-2007-5937